lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20230404163018.GJ4514@unreal>
Date:   Tue, 4 Apr 2023 19:30:18 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Steffen Klassert <steffen.klassert@...unet.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        netdev@...r.kernel.org, Saeed Mahameed <saeedm@...dia.com>,
        Raed Salem <raeds@...dia.com>
Subject: Re: [GIT PULL] Improve IPsec limits, ESN and replay window

On Mon, Apr 03, 2023 at 09:41:54AM +0300, Leon Romanovsky wrote:
> This series overcomes existing hardware limitations in Mellanox ConnectX
> devices around handling IPsec soft and hard limits.
> 
> In addition, the ESN logic is tied and added an interface to configure
> replay window sequence numbers through existing iproute2 interface.
> 
>   ip xfrm state ... [ replay-seq SEQ ] [ replay-oseq SEQ ]
>                     [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]
> 
> Link: https://lore.kernel.org/all/cover.1680162300.git.leonro@nvidia.com
> Signed-off-by: Leon Romanovsky <leon@...nel.org>
> 
> ----------------------------------------------------------------
> 
> The following changes since commit 5a6cddb89b51d99a7702e63829644a5860dd9c41:
> 
>   net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200)
> 
> are available in the Git repository at:
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-esn-replay
> 
> for you to fetch changes up to 9f758558e309d11ef31dbdabdb1e3aa1003aebf9:
> 
>   net/mlx5e: Simulate missing IPsec TX limits hardware functionality (2023-04-03 09:29:47 +0300)
> 
> ----------------------------------------------------------------
> Leon Romanovsky (10):
>       net/mlx5e: Factor out IPsec ASO update function
>       net/mlx5e: Prevent zero IPsec soft/hard limits
>       net/mlx5e: Add SW implementation to support IPsec 64 bit soft and hard limits
>       net/mlx5e: Overcome slow response for first IPsec ASO WQE
>       xfrm: don't require advance ESN callback for packet offload

Hi Steffen,

Can you please provide your Acked-by for this patch?
https://lore.kernel.org/all/9f3dfc3fef2cfcd191f0c5eee7cf0aa74e7f7786.1680162300.git.leonro@nvidia.com

Thanks


>       net/mlx5e: Remove ESN callbacks if it is not supported
>       net/mlx5e: Set IPsec replay sequence numbers
>       net/mlx5e: Reduce contention in IPsec workqueue
>       net/mlx5e: Generalize IPsec work structs
>       net/mlx5e: Simulate missing IPsec TX limits hardware functionality
> 
>  .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c   | 329 ++++++++++++++++++---
>  .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h   |  47 ++-
>  .../mellanox/mlx5/core/en_accel/ipsec_fs.c         |  31 +-
>  .../mellanox/mlx5/core/en_accel/ipsec_offload.c    | 198 ++++++++++---
>  net/xfrm/xfrm_device.c                             |   2 +-
>  5 files changed, 496 insertions(+), 111 deletions(-)

Powered by blists - more mailing lists